G5plus Essential Real Estate — known CVE vulnerabilities
Every CVE whose affected-product data names G5plus Essential Real Estate, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-6140 — CVSS 8.8 (high): The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from…
CVE-2025-30849 — CVSS 8.1 (high): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential…
CVE-2025-48126 — CVSS 8.1 (high): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential…
CVE-2023-6827 — CVSS 7.5 (high): The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the…
CVE-2023-6139 — CVSS 6.5 (medium): The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other…
CVE-2024-4273 — CVSS 6.4 (medium): The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode…
CVE-2023-6141 — CVSS 5.4 (medium): The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other…
CVE-2024-4274 — CVSS 4.3 (medium): The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the…
CVE-2025-24698 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request…
CVE-2024-12329 — CVSS 4.3 (medium): The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several…